Building Cisco Multilayer Switched Networks 3.0 (BCMSN)
5 Days Instructor-Led


Course Overview
Building Cisco Multilayer Switched Networks (BCMSN) v3.0 is a five-day
instructor-led course. This course will instruct the learner in how to
create an efficient and expandable enterprise network by installing,
configuring, monitoring, and troubleshooting network infrastructure
equipment according to the Campus Infrastructure module in the
Enterprise Composite Network Model (ECNM).
Prerequisites
The knowledge and skills a learner must have before attending this
course include:
Completion of the course ICND 1&2 or CCNA Bootcamp
Ability to complete the initial configuration of a
switch
Ability to configure a switch with VLANs
Ability to create basic interswitch connections
Ability to troubleshoot a VLAN
Ability to complete the initial configuration of a
router
Who will benefit from this course?
Building Cisco Multilayer Switched Networks (BCMSN) v3.0 is
highly recommended for any individual
responsible in any way for maintenance, operation, or
troubleshooting of Cisco Layer 2 and Multilayer
switches. The goal is to train network administrators in
the technology and capabilities of multilayer switches
to allow for supporting a dramatic increase in the number
of end stations, and the interleaving of voice, video,
and data, while ensuring a reliable network
infrastructure.
Course Objectives:
After completing this course the student should be
able to:
Describe the Campus Infrastructure module of the ECNM
Define VLANs to segment network traffic and manage
network utilization
Explain the procedure for configuring both 802.1Q and
ISL trunking between two switches so that VLANs that
span the switches can connect
Describe how VLAN configuration of switches in a
single management domain can be automated with the Cisco
proprietary VTP
Implement high availability technologies and
techniques using multilayer switches in a campus
environment
Describe WLANs
Describe and configure switch infrastructure to
support voice
Describe and implement security features in a switched
network
Course Outline
Module 1: Network Requirements
In this module, learners gain an understanding of the Cisco hierarchical
network model as it pertains to the campus network.
Lesson 1: Introducing Campus Networks
Define IIN and Cisco SONA frameworks
Describe the Cisco enterprise architecture and how it maps to the
traditional three-layer hierarchical network model
Describe the devices in a nonhierarchical network
Identify problems that can occur in a nonhierarchical switched network
Identify problems that can occur in a nonhierarchical routed network
Define multilayer switches in a nonhierarchical network
List the issues that occur with multilayer switches and VLANs in a
nonhierarchical network
Describe the enterprise composite model, which can be used to divide
the enterprise network into physical, logical, and functional boundaries
List the benefits of the ECNM
Describe the Campus Infrastructure module of the ECNM
Identify the two interfaces used to configure Cisco Catalyst switches
Module 2: Defining VLANs
This module defines the purpose of VLANs and describes how VLAN
implementation can simplify network management and troubleshooting and
can improve network performance. When VLANs are created, their names and
descriptions are stored in a VLAN database that can be shared between
switches. The learner will see how design considerations determine which
VLANs will span all the switches in a network and which VLANs will
remain local to a switch block. The configuration components of this
module will describe how individual switch ports may carry traffic for
one or
more VLANs, depending on their configuration as access or trunk ports.
This module explains both why and how VLAN implementation occurs in an
enterprise network.
Lesson 1: Implementing Best Practices for VLAN Topologies
List the issues that can occur in a poorly designed network
Given a sample organization, explain how to designate VLANs for the
organization
Describe the different network interconnection technologies and
identify their appropriate usage in a campus network
Determine the equipment and cabling needs on the various links of
VLANs in a campus network
Map a hierarchical IP addressing scheme to the VLANs in a campus
network
Identify the most common traffic sources and their destination on a
campus network
Lesson 2: Implementing VLANs
Define an end-to-end VLAN
Define a local VLAN
Describe the benefits of implementing local VLANs in a campus network
Describe the VLAN configuration modes and their functions
Define a VLAN access port
List the commands to implement a VLAN
List the steps to create a VLAN and associate it with an access port
Lesson 3: Implementing Trunks
Describe a VLAN trunk in an enterprise network
Describe ISL trunking
Describe 802.1Q trunking
Define an 802.1Q native VLAN
Explain VLAN ranges and their usage
Identify the commands used to configure trunking
Explain the procedure to configure trunking
Describing Trunking Configuration Commands
Configuring Trunking
Lesson 4: Propagating VLAN Configurations with VTP
Define a VTP domain in a campus network
Define VTP
Describe the three different VTP modes
Describe VTP Pruning
Describe how VTP distributes and synchronizes VLAN information
Describe the commands used to configure and verify a VTP management
domain
Describe the procedures to configure a VTP management domain
Describe the procedure to add a new switch to an existing VTP domain
Lesson 5: Correcting Common VLAN Configuration Errors
Identify the security issues with 802.1Q native VLANs
Describe how to resolve the security issues with 802.1Q native VLANs
List key problems that result from trunk link configuration
Identify best practices for resolving trunk link problems
Identify common problems with VTP configuration
Describe best practice for VTP configuration
Module 3: Implementing Spanning Tree
This module introduces the fundamentals of Spanning Tree Protocol (STP)
operation in a switched network. The root bridge will be explained as
well as how the root bridge and its backup are elected. Features for
enhancing the performance of STP will be covered, namely Rapid STP (RSTP)
and Multiple STP (MSTP). The learner will discover how EtherChannel is
configured and how it interoperates with STP. The module also provides
guidelines on improving STP resiliency when network faults occur.
Lesson 1: Describing the STP
Describe a transparent bridge
Identify the traffic patterns in a bridge loop
Define a loop-free network
Describe the 802.1D STP
Define a root bridge
Describe the four port roles
Describe PortFast, PVST+, RSTP, MSTP, and PVRST
Lesson 2: Implementing RSTP
Describe the RSTP
Describe the three RSTP port states
Describe the five different RSTP port roles
Explain an edge port
Describe the function of the different RSTP link types
Differentiate the 802.1w use of the BPDU from 802.1D
Describe the stages of the RSTP proposal and agreement process
Describe the process that RSTP uses to notify all bridges in the
network of a TC
Describe the commands used to implement RSTP
Explain the procedure to implement RSTP in a switched network
Identifying the RSTP TCN Process
Describing PVRST Implementation Commands
Implementing PVRST Commands
Lesson 3: Implementing MSTP
Describe MSTP
Describe the characteristics of an MST region
Describe changes to the Bridge Priority field to accommodate the MSTP
instance number
Describe how MSTP operates with CST
Describe the commands used to implement MSTP
Explain the procedure to implement MSTP in a switched network
Lesson 4: Configuring Link Aggregation with EtherChannel
Describe EtherChannel
Compare PAgP and LACP
Describe the commands used to configure EtherChannel
Describe the guidelines and best practices for configuring port
channels using EtherChannel
Configure load balancing among the ports included in an EtherChannel
Module 4: Implementing Inter-VLAN Routing
A switch with multiple VLANs requires a means of passing Layer 3 traffic
between those VLANs. This module describes both the process and various
methods of routing traffic from VLAN to VLAN. A router that is external
to the Layer 2 switch hosting the VLANs can provide the inter-VLAN
routing.
When routing occurs within a Cisco Catalyst multilayer switch, Cisco
Express Forwarding (CEF) is deployed to facilitate Layer 3 switching
through hardware-based tables, providing an optimal packet-forwarding
process. When CEF is implemented, routing is enabled between VLANs
through the configuration of switch virtual interfaces (SVIs) associated
with the various VLANs on the multilayer switch.
Lesson 1: Describing Routing Between VLANs
Describe how inter-VLAN routing works using an external router
Describe the commands used to configure inter-VLAN routing using an
external router
Explain the procedure to configure inter-VLAN routing using an
external router
Explain how switching interfaces use the forwarding engine to
implement Layer 2 and Layer 3 switching
Describe the frame rewrite process
Lesson 2: Enabling Routing Between VLANs on a Multilayer Switch
Describe a Layer 3 SVI
Describe commands used to configure inter-VLAN routing on a multilayer
switch through an SVI
Explain the procedure to configure inter-VLAN routing on a multilayer
switch
Describe a routed port on a multilayer switch
Describe commands used to configure a routed port on a multilayer
switch
Explain the procedure to configure routed ports on a multilayer switch
Lesson 3: Deploying CEF-Based Multilayer Switching
Explain Layer 3 switch processing
Explain a CEF-based multilayer switch
Describe the process that a multilayer switch uses to forward packets
Describe the commands used to configure CEF on Cisco Catalyst
multilayer switches
Explain the procedure to enable CEF-based MLS
Describe common problems that can occur with CEF and solutions
Describe the commands used to troubleshoot CEF on multilayer switches
Explain the procedure to troubleshoot problems with CEF-based MLS
Module 5: Implementing High Availability in a Campus Environment
A network with high availability provides alternative means by which all
infrastructure paths and key servers can be accessed at all times. The
Hot Standby Router Protocol (HSRP) is one of those software features
that can be configured to provide Layer 3 redundancy to network hosts.
HSRP optimization provides immediate or link-specific failover as well as
a recovery mechanism. Virtual Router Redundancy Protocol (VRRP) and
Gateway Load Balancing Protocol (GLBP) are derivatives of HSRP,
providing additional Layer 3 redundancy features, such as load
balancing.
Lesson 1: Configuring Layer 3 Redundancy with HSRP
Describe routing issues that occur when using default gateways and
proxy ARP
Describe how router device redundancy works
Describe HSRP
Describe how HSRP operates to provide a nonstop path redundancy for IP
Describe the six HSRP states and their functions
Describe the commands used to configure HSRP
Explain the procedure to enable HSRP
Lesson 2: Optimizing HSRP
Describe the options that can be configured to optimize HSRP
Explain the procedure to determine which HSRP operations require
tuning in their networks
Describe how a single router can be a member of multiple HSRP-standby
groups to facilitate load sharing
Describe the commands used to debug HSRP operations
Explain the procedure to debug HSRP operations
Lesson 3: Configuring Layer 3 Redundancy with VRRP and GLBP
Describe VRRP
Describe how VRRP supports transitions from a master to a backup
router
Describe the commands used to configure VRRP and GLBP
Describe GLBP
Describe how GLBP provides balanced traffic on a per-host basis, using
a round-robin scheme
Module 6: Wireless LANs
This module introduces wireless LANs (WLANs). WLAN is an access
technology that has an increasing significance for network access in
offices, factories, hotels, airports, and at home. This module explains
the differences between wired and wireless LANs, describes WLAN
topologies, and teaches the learner how to implement Cisco WLAN
solutions.
Lesson 1: Introducing WLANs
Describe the different wireless data technologies that are currently
available
Describe WLANs
Distinguish WLANs from other wireless data networks
Describe similarities and differences between WLANs and wired LANs
Lesson 2: Describing WLAN Topologies
Describe types of WLAN topologies
Describe WLAN access topologies
Explain roaming between wireless cells
Describe WLAN support for VLANs and QoS
Describe wireless mesh networking
Lesson 3: Explaining WLAN Technology and Standards
Describe the WLAN frequency bands and RF transmission
Describe WLAN regulations, standards, and certification bodies
Describe the IEEE 802.11b standard
Describe the IEEE 802.11a standard
Describe the IEEE 802.11g standard
Compare the 802.11b, 802.11g, and 802.11a standards for data rates,
throughput, and coverage
Identify best practices for WLAN office design
Explain the need for WLAN security and describe the available WLAN
security solutions
Lesson 4: Configuring Cisco WLAN Clients
Install the Cisco WLAN client adapter and the Cisco ADU
Use the Cisco ADU to configure the Cisco 802.11a/b/g WLAN client
adapter
Use the Cisco ADU for diagnostics and troubleshooting of the WLAN
client adapters
Use the Cisco Aironet Site Survey Utility to get information about
available WLANs
Describe the WLAN configuration through Windows XP
Describe the Cisco ACAU
Describe the Cisco Wireless IP Phone
Describe the features and benefits of the Cisco Compatible Extensions
program
Lesson 5: Implementing WLANs
Describe the implementation of the Cisco autonomous and lightweight
WLAN solution that is part of the Cisco implementation of WLANs
Describe how LWAPP is used in the Cisco lightweight WLAN
implementation
Describe the components of the Cisco WLAN implementations
Describe Cisco Unified Wireless Networks
Describe Cisco Aironet access points and bridges
Describe PoE for access points and IP phones
Identify the types of antennas to use in WLAN environments
Explain multipath distortion
Describe the decibel calculation
Explain the established EIRP guidelines
Lesson 6: Configuring WLANs
List the different methods that can be used to configure autonomous
access points
Describe the role performed by autonomous access points and bridges in
a radio network
Describe how to configure an autonomous access point
Describe how to configure a WLAN controller
Describe how to perform the initial configuration of WLAN controllers
via the command line and web browser
Describe how to configure WLAN controllers via the web browser
Module 7: Configuring Campus Switches to Support Voice
When migrating to a VoIP network, all network requirements, including
power and capacity planning, must be examined. In addition, congestion
avoidance techniques should be implemented. This module will highlight
the basic issues and define initial steps to take to ensure that the
VoIP implementation works correctly.
Lesson 1: Planning for Implementation of Voice in a Campus Network
Explain why an organization would want to run VoIP on the network
Describe the main components of a VoIP network, including IP-enabled
PBX, user end devices, gateways and gatekeepers, and the IP network
Compare the uniform bandwidth consumption of voice traffic to the
intermittent bandwidth consumption of data traffic
Describe a VoIP call flow through a network and where contention for
bandwidth between data traffic and voice traffic will occur
Explain an auxiliary VLAN
Identify a solution for latency, jitter, bandwidth, packet loss,
reliability, and security
Explain the importance of high availability in the campus network to
support a VoIP implementation, including such regulations as E911 that
require 99.999 percent system availability for phones
Explain the need to add a UPS to wiring closets that do not already
have them and to provision switches with inline power for IP phones
Lesson 2: Accommodating Voice Traffic on Campus Switches
Describe how QoS is applied for voice traffic in the campus module
Describe LAN-based classification and marking using a Layer 2 Cisco
Catalyst workgroup switch
Describe QoS trust boundaries and their significance in LAN-based
classification and marking
Explain the procedure to configure an access switch for the attachment
of a Cisco IP Phone
Describe basic commands to be considered when voice traffic will
traverse a switch
Explain the use of Cisco AutoQoS in Cisco Catalyst switches
Describe the commands that enable Cisco AutoQoS on Cisco Catalyst
switches
Module 8: Minimizing Service Loss and Data Theft in a Campus Network
This module defines the potential vulnerabilities within a network
related to VLANs. After the vulnerabilities are identified, solutions
for each vulnerability are discussed, and configuration commands are
defined. The module also discusses port security for denial of MAC
spoofing, MAC flooding, and using PVLANs and VACLs to control VLAN
traffic. VLAN hopping, DHCP spoofing, ARP spoofing, and STP attacks are
also explained. The learner will also learn about potential problems,
resulting solutions, the method to secure switch access with the use of
vty ACLs, and implementing SSH for secure Telnet access.
Lesson 1: Understanding Switch Security Issues
Describe switch and Layer 2 security as a subset of an overall network
security plan
Describe how a rogue device gains unauthorized access to a network
Categorize switch attack types and list mitigation options
Describe how a MAC flooding attack works to overflow a CAM table
Describe how port security is used to block input from devices based
upon Layer 2 restrictions
Describe the procedure to configure port security on a switch
Explain the sticky MAC option with port security
Describe security in a multilayer switched network
Describe the methods that can be used for authentication using AAA
Describe port-based authentication using 802.1x
Lesson 2: Protecting Against VLAN Attacks
Describe how VLAN hopping occurs and why it is a security
vulnerability
Explain the procedure to configure a switch to mitigate VLAN hopping
attacks
Describe VACLs and their purpose as part of VLAN security
Explain the procedure to configure VACLs
Explain the purpose of a PVLAN
Explain the procedure to configure PVLANs as a means of network
security
Lesson 3: Protecting Against Spoof Attacks
Describe what happens in a network during a DHCP spoof attack
Describe how the DHCP snooping feature provides security by filtering
trusted DHCP messages and then using these messages to build and
maintain a DHCP snooping binding table
Explain the procedure to configure DHCP snooping and IP Source Guard
Describe what happens in a network during an attack using ARP spoofing
Describe how DAI determines the validity of an ARP packet based on the
valid MAC address to IP address bindings stored in a DHCP snooping
database
Describe the commands that can be used to configure DAI
Explain the procedure to protect a network from ARP spoofing attacks
Lesson 4: Describing STP Security Mechanisms
Describe the methods that are available to protect the operation of
STP
Describe the commands to configure BPDU guard
Describe the commands to configure BPDU filtering
Describe how root guard is used to improve the stability of Layer 2
networks
Describe the commands used to configure root guard
Lesson 5: Preventing STP Forwarding Loops
Describe how UDLD is used to detect and shut down unidirectional links
Describe how loop guard is used to protect against Layer 2 forwarding
loops
Describe the commands used to configure UDLD and loop guard
Compare the features of loop guard and UDLD as they protect against
unidirectional links
Lesson 6: Securing Network Switches
Describe how CDP can be used for an attack against a network
Describe the security vulnerabilities in the Telnet option
Describe security vulnerabilities in the SSH
Describe vty ACLs
Describe the commands used to apply ACLs to vtys
Describe general security considerations that should be applied in any
switched network